
2391 matches found

Zero Day Initiative
added 2017/03/29 12:0 a.m. | 35 views

Trend Micro InterScan Web Security Virtual Appliance ReportHandler DoCmd Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro InterScan Web Security Virtual Appliance. Authentication is required to exploit this vulnerability. The specific flaw exists within ReportHandler's DoCmd method. A crafted cmd parameter...

CVSS 9 | AI score 5.3
Exploits 0 | References 1
Zero Day Initiative
added 2017/03/29 12:0 a.m. | 28 views

Trend Micro InterScan Web Security Virtual Appliance ConfigIPNetwork saveNetworkConfiguration manageEth Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro InterScan Web Security Virtual Appliance. Authentication is required to exploit this vulnerability. The specific flaw exists within ConfigIPNetwork's saveNetworkConfiguration method. A...

CVSS 9 | AI score 5
Exploits 0 | References 1
OSV
added 2017/02/01 8:59 p.m. | 2 views

CVE-2016-3021

IBM Security Access Manager for Web could allow an authenticated attacker to obtain sensitive information from error message using a specially crafted HTTP request...

CVSS 2.7 | AI score 5.8
Exploits 0 | References 2
Metasploit
added 2017/01/09 8:39 p.m. | 25 views

Cisco Firepower Management Console 6.0 Post Auth Report Download Directory Traversal

This module exploits a directory traversal vulnerability in Cisco Firepower Management under the context of www user. Authentication is required to exploit this vulnerability. This module requires Metasploit: https://metasploit.com/download Current source:...

CVSS 6.5 | AI score 10 | EPSS 0.36617
Exploits 5
0day.today
added 2016/12/13 12:0 a.m. | 34 views

Smart Guard Network Manager 6.3.2 - SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: SQL Injection In Smart Guard Network Manager Api Date: 03/12/2016 Exploit Author: Rahul Raz Vendor Homepage: http://www.xsinfoways.com/ Software Name: Smart Guard Network Manager Version: 6.3.2 Tested on: Ubuntu Linux...

AI score 7.1
Exploits 0
Exploit DB
added 2016/12/03 12:0 a.m. | 41 views

Smart Guard Network Manager 6.3.2 - SQL Injection

Exploit Title: SQL Injection In Smart Guard Network Manager Api Date: 03/12/2016 Exploit Author: Rahul Raz Vendor Homepage: http://www.xsinfoways.com/ Software Name: Smart Guard Network Manager Version: 6.3.2 Tested on: Ubuntu Linux Vulnerability type: CWE-89: Improper Neutralization of Special...

AI score 7.4
Exploits 0
OpenVAS
added 2016/11/03 12:0 a.m. | 32 views

NBOX Detection (HTTP)

Detects the installed version of NBOX. This script sends an HTTP GET request and tries to get the version from the response. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders...

AI score 7
Exploits 0
0day.today
added 2016/07/06 12:0 a.m. | 33 views

24online SMS_2500i 8.3.6 build 9.0 - SQL Injection

Exploit for jsp platform in category web applications Exploit Title: SQL Injection In 24 Online Billing API Date: 03/07/2016 Exploit Author: Rahul Raz Vendor Homepage: http://24onlinebilling.com Software Name:24online Model SMS2500i Version: 8.3.6 build 9.0 Tested on: Ubuntu Linux Potentially...

AI score 7.1
Exploits 0
Exploit DB
added 2016/07/06 12:0 a.m. | 37 views

24online SMS_2500i 8.3.6 build 9.0 - SQL Injection

Exploit Title: SQL Injection In 24 Online Billing API Date: 03/07/2016 Exploit Author: Rahul Raz Vendor Homepage: http://24onlinebilling.com Software Name:24online Model SMS2500i Version: 8.3.6 build 9.0 Tested on: Ubuntu Linux Potentially others versions older than this are vulnerable too...

AI score 7.4
Exploits 0
BDU FSTEC
added 2016/07/05 12:0 a.m. | 3 views

The vulnerability of the MySQL database management system allows a malicious actor to cause service failures.

The vulnerability of the Oracle MySQL Server database management system allows unauthorized users, after passing authentication, to affect data accessibility by using the DML subcomponent...

CVSS 4 | AI score 6.3 | EPSS 0.01509
Exploits 0 | References 2 | Affected Software 1
Packet Storm
added 2016/07/03 12:0 a.m. | 34 views

24 Online 8.3.7 Build 9.0 SQL Injection

Software name: 24 online Version: 8.3.6 build 9.0 Vendor website: http://24onlinebilling.com Potentially other versions older than this are vulnerable too. Vulnerability type: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') The invoiceid GET parameter o...

AI score 0.1
Exploits 0
exploitpack
added 2016/05/16 12:0 a.m. | 39 views

Web2py 2.14.5 - Multiple Vulnerabilities

Web2py 2.14.5 - Multiple Vulnerabilities Title - Web2py 2.14.5 Multiple Vulnerabilities LFI,XSS,CSRF Exploit Title : Web2py 2.14.5 Multiple Vulnerabilities LFI, XSS,CSRF Reported Date : 2-April-2016 Fixed Date : 4-April-2016 Exploit Author : Narendra Bhati -...

CVSS 6.8 | AI score 6.6 | EPSS 0.10077
Exploits 7
OSV
added 2016/04/12 2:0 a.m. | 3 views

CVE-2016-3985

The Terminal Services Remote Desktop Protocol (RDP) client session restrictions feature in Pulse Connect Secure (aka PCS) 8.1R7 and 8.2R1 allows remote authenticated users to bypass intended access restrictions via unspecified vectors...

CVSS 6.5 | AI score 5.8 | EPSS 0.01219
Exploits 0 | References 2
OSV
added 2016/03/09 11:59 p.m. | 1 views

CVE-2016-0886

EMC Documentum xCP 2.1 before patch 24 and 2.2 before patch 12 allows remote authenticated users to obtain sensitive user-account metadata via a members/xcpmember API call...

CVSS 4.3 | AI score 5.8
Exploits 0 | References 3
OSV
added 2016/02/13 2:59 a.m. | 1 views

CVE-2016-0865

Tollgrade SmartGrid LightHouse Sensor Management System SMS Software EMS before 5.1, and 4.1.0 Build 16, allows remote authenticated users to change arbitrary passwords via unspecified vectors...

CVSS 8.8 | AI score 5.9 | EPSS 0.02055
Exploits 0 | References 1
Zero Day Initiative
added 2016/02/11 12:0 a.m. | 26 views

Novell Zenworks ChangePassword XPath Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to exfiltrate arbitrary text files on vulnerable installations of Novell Zenworks. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ChangePassword RPC method. By providing a malformed query, an attacker ca...

CVSS 5 | AI score 5.9 | EPSS 0.01272
Exploits 0 | References 1
Zero Day Initiative
added 2016/02/10 12:0 a.m. | 26 views

Dell SonicWALL GMS Virtual Appliance Multiple Remote Code Execution Vulnerabilities

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Dell SonicWALL GMS Virtual Appliance. Authentication is required to exploit this vulnerability. The specific flaw exists within the GMS ViewPoint (GMSVP) web application. The issue lies in the handli...

CVSS 9 | AI score 3.6 | EPSS 0.04746
Exploits 0 | References 1
Zero Day Initiative
added 2016/02/05 12:0 a.m. | 30 views

Advantech WebAccess datacore Service datacore.exe AlarmMessage strcpy Heap-Based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x5228 IOCTL in the Kernel subsystem. A heap-based buffer...

CVSS 9.3 | AI score 4.8 | EPSS 0.28185
Exploits 0 | References 1
CNVD
added 2015/12/18 12:0 a.m. | 2 views

Cisco Integrated Management Controller Denial of Service Vulnerability

Cisco Integrated Management Controller (IMC) is a set of tools from the US company Cisco for managing the UCS (Unified Computing System). It supports HTTP, SSH access, etc., and can perform shutdown and reboot operations on the server. A denial of service vulnerability exist...

CVSS 6.8 | AI score 6.6 | EPSS 0.02192
Exploits 0 | References 1
CVE
added 2015/12/07 8:0 p.m. | 58 views

CVE-2015-4334

CVE-2015-4334 affects Blue Coat ProxySG SGOS when deployed as an explicit proxy. The default configuration forwards authentication challenges from upstream origin content servers, enabling a remote attacker to obtain sensitive information via HTTP 407 responses. Affected SGOS versions are before ...

CVSS 5 | AI score 6.6 | EPSS 0.03333
Exploits 0 | References 3 | Affected Software 1